My CEO opened an IRS email with a .zip attachment, containing CryptoWall, on Friday, June 20th. He didn't realize he had been infected for 5 days. By that time I was on vacation, so he got his son (a sys admin at another company) to clean the virus off the computer. Of course all of his files were still encrypted. The virus also got into a network share that had his online backups. They tried "restore previous version" on the Windows 7 computer and got a few files back. Then they tried restoring his My Documents folder. The son believes there was not enough disk space, which caused the restore to crash and corrupt the Windows shadow data. Now the OS is saying there are no previous versions to restore. The offline backup is old enough that the CEO wants to just pay the money to get his files back. I have a lot of misgivings about that. I know the ethical choice, but if I can't find a practical reason, I may not have a choice.
I have a lot of questions. The main ones are:
Is it possible to reverse the failed "restore previous versions" and go back to recovering the files a few at a time?
If we send $1000 to the ransomware criminals, what are the chances that we will actually get the data back?
Can I avoid getting further infections in the process of sending payment, getting the encryption keys, and restoring the files?
As a question of forum etiquette, would it be double posting to start a separate thread on how I can avoid this type of thing in the future? Same event, but a very different topic.